App Security

Detecting Whether an iOS App Is at Risk of Tampering and Re-Signed Repackaging

2024-05-15  富春江水

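When an app is tampered with and repackaged, it not only harms the developer's interests but also exposes the app's users to abuse by illegitimate apps. An attacker can add or modify code in the client program, change the client's resource images, configuration, and icons, add advertisements, and repackage the result as a different app, which leads to large numbers of pirated apps. The attacker can also add virus code or other malicious code to turn the app into a phishing tool that steals login credentials, payment passwords, and similar data.
The following code implements the check: it reads the embedded.mobileprovision file from the app bundle, extracts the prefix of the application-identifier entry, and compares it with the expected Team ID.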

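- (BOOL)checkCodesign:(NSString *)teamID {
    // Get the path of the provisioning profile embedded in the bundle
    NSString *embeddedPath = [[NSBundle mainBundle] pathForResource:@"embedded" ofType:@"mobileprovision"];
    if (embeddedPath == nil || ![[NSFileManager defaultManager] fileExistsAtPath:embeddedPath]) {
        // No embedded profile to inspect (App Store builds do not contain
        // embedded.mobileprovision), so there is nothing to compare.
        // Assumption: the original left this case without a return value.
        return YES;
    }
    // Read the profile as ASCII text and look for application-identifier
    NSString *embeddedProvisioning = [NSString stringWithContentsOfFile:embeddedPath encoding:NSASCIIStringEncoding error:nil];
    NSArray *embeddedProvisioningLines = [embeddedProvisioning componentsSeparatedByCharactersInSet:[NSCharacterSet newlineCharacterSet]];
    // The value sits on the line after the key, so stop one line before the end
    for (NSUInteger i = 0; i + 1 < [embeddedProvisioningLines count]; i++) {
        if ([[embeddedProvisioningLines objectAtIndex:i] rangeOfString:@"application-identifier"].location == NSNotFound) {
            continue;
        }
        NSString *valueLine = [embeddedProvisioningLines objectAtIndex:i + 1];
        NSRange openTag = [valueLine rangeOfString:@"<string>"];
        NSRange closeTag = [valueLine rangeOfString:@"</string>"];
        if (openTag.location == NSNotFound || closeTag.location == NSNotFound || closeTag.location < NSMaxRange(openTag)) {
            break; // Malformed entry: fall through to the failure return
        }
        NSRange range = NSMakeRange(NSMaxRange(openTag), closeTag.location - NSMaxRange(openTag));
        NSString *fullIdentifier = [valueLine substringWithRange:range];
        // The identifier looks like <prefix>.<bundle id>; keep only the prefix
        NSArray *identifierComponents = [fullIdentifier componentsSeparatedByString:@"."];
        NSString *appIdentifier = [identifierComponents firstObject];
        // Compare the signing ID with the expected one
        if ([appIdentifier isEqualToString:teamID]) {
            NSLog(@"签名验证签名验证成功"); // signature check passed
            return YES;
        }
        NSLog(@"签名验证签名验证失败"); // signature check failed
        return NO;
    }
    // The profile exists but application-identifier could not be read
    return NO;
}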
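
The check above scans the profile line by line and depends on the `<string>` value sitting on the line right after the key. The following added example (not the original author's code) makes the same comparison after extracting the plist from the profile bytes and parsing it with NSPropertyListSerialization; the helper names, the constructed sample profile, and the team IDs ABCDE12345 and ZZZZZ99999 are assumptions for illustration.

```objectivec
#import <Foundation/Foundation.h>

// Hypothetical helper: cut the XML plist out of the CMS-wrapped profile bytes
// and parse it with a real plist parser instead of scanning lines.
static NSDictionary *ProfilePlistFromData(NSData *profile) {
    NSData *startTag = [@"<?xml" dataUsingEncoding:NSASCIIStringEncoding];
    NSData *endTag = [@"</plist>" dataUsingEncoding:NSASCIIStringEncoding];
    NSRange whole = NSMakeRange(0, profile.length);
    NSRange start = [profile rangeOfData:startTag options:0 range:whole];
    NSRange end = [profile rangeOfData:endTag options:NSDataSearchBackwards range:whole];
    if (start.location == NSNotFound || end.location == NSNotFound || end.location < start.location) {
        return nil; // no plist inside the blob
    }
    NSRange plistRange = NSMakeRange(start.location, NSMaxRange(end) - start.location);
    id plist = [NSPropertyListSerialization propertyListWithData:[profile subdataWithRange:plistRange]
                                                         options:NSPropertyListImmutable
                                                          format:NULL
                                                           error:NULL];
    return [plist isKindOfClass:[NSDictionary class]] ? plist : nil;
}

// Hypothetical helper: YES only when the application-identifier prefix equals
// expectedTeamID. Any missing or mistyped field is treated as a failure.
static BOOL ProfileMatchesTeam(NSData *profile, NSString *expectedTeamID) {
    NSDictionary *entitlements = ProfilePlistFromData(profile)[@"Entitlements"];
    if (![entitlements isKindOfClass:[NSDictionary class]]) return NO;
    NSString *appID = entitlements[@"application-identifier"];
    if (![appID isKindOfClass:[NSString class]]) return NO;
    NSString *prefix = [[appID componentsSeparatedByString:@"."] firstObject];
    return [prefix isEqualToString:expectedTeamID];
}

int main(void) {
    @autoreleasepool {
        // Constructed sample: a few junk bytes stand in for the CMS envelope.
        NSString *xml = @"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
            @"<plist version=\"1.0\"><dict><key>Entitlements</key><dict>"
            @"<key>application-identifier</key><string>ABCDE12345.com.example.app</string>"
            @"</dict></dict></plist>";
        NSMutableData *profile = [NSMutableData dataWithBytes:"\x30\x82\x01\x00" length:4];
        [profile appendData:[xml dataUsingEncoding:NSUTF8StringEncoding]];
        [profile appendBytes:"\x00\xff" length:2];
        NSLog(@"expected team matches: %d", ProfileMatchesTeam(profile, @"ABCDE12345"));
        NSLog(@"other team matches: %d", ProfileMatchesTeam(profile, @"ZZZZZ99999"));
    }
    return 0;
}
```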